Describe the bug
SonarCloud should be excluding frontend-react test files in its analysis, but it appears to still be checking them. A recent example of this is checking against an http:// link here -- the unsafe protocol is intention as part of the test.
Impact
This is a low-priority item because SonarCloud checks are not a hard blocker to merging. It's just something we'd like to resolve so we don't have to deal with erroneous complaints from SonarCloud.
To Reproduce
Steps to reproduce the behavior:
There are other examples of this, but the most reliably reproducible one is checking for unsafe protocols.
Update a test file in frontend-react to include an http:// link
Open a pull request
See SonarCloud raise a Security Hotspot warning
Expected behavior
SonarCloud should not be raising a warning in test files.
Describe the bug SonarCloud should be excluding frontend-react test files in its analysis, but it appears to still be checking them. A recent example of this is checking against an
http://
link here -- the unsafe protocol is intention as part of the test.See this Slack conversation for more context.
Impact This is a low-priority item because SonarCloud checks are not a hard blocker to merging. It's just something we'd like to resolve so we don't have to deal with erroneous complaints from SonarCloud.
To Reproduce Steps to reproduce the behavior: There are other examples of this, but the most reliably reproducible one is checking for unsafe protocols.
http://
linkExpected behavior SonarCloud should not be raising a warning in test files.